From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 12 Feb 2010 15:17:16 -0500
Subject: [refpolicy] system_unconfined.patch
In-Reply-To: <4AFC8970.5080708@redhat.com>
References: <4AFC8970.5080708@redhat.com>
Message-ID: <1266005836.11004.30.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-11-12 at 17:17 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_unconfined.patch
> 
> Split out unconfined_t from unconfined_domain.

I don't know if this will ever be upstreamable in a fashion you like.
My understanding is that you want to be able to have the unconfined_t
domain loaded without the unconfined_domain module loaded, so
unconfined_t is the only unconfined domain.  To be acceptable for
upstreaming, the unconfined role would have to unconditionally depend on
the unconfined domain module, which wouldn't allow you want.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150